23500 security gateway - check point software · generation security gateway. the 23500 security...
© 2020 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content | January 6, 2020
23500 Security Gateway | Datasheet
Ready to battle any threat, from small attacks to fifth-generation large-scale, multi-vector attacks, our
security gateways provide superior threat prevention and unified security management. The Check Point
23500 Next Generation Firewall combines the most comprehensive protections with data center-grade
security and hardware to maximize uptime and performance for securing large enterprise and data
center environments.
PERFORMANCE HIGHLIGHTS
Gen II Security | Firewall | 52 Gbps
Gen III Security | NGFW (1) | 13.75 Gbps
Gen V Security | Threat Prevention + SandBlast (2) | 11 Gbps
Performance measured with enterprise testing conditions. Additional performance details on page 4.
1. Includes Firewall, Application Control, and IPS.
2. Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection.
23500 SECURITY GATEWAY
The Most Advanced Threat Prevention
Full Security: Protection from unknown threats and zero-day attacks
Uncompromising Performance: Highly optimized with up to 11 Gbps of threat prevention throughput
Designed to Secure Encrypted Traffic: Powerful platforms for inspection of SSL traffic
23500 Data center grade security, performance and reliability
The Check Point 23500 Next Generation Security Gateway combines the most comprehensive security protections with data center grade hardware to maximize uptime while safeguarding enterprise and data center networks. The 23500 is a 2U Next Generation Security Gateway with five I/O expansion slots for high port capacity, redundant AC or DC power supplies and fans, a 2x 1TB (HDD) or 2x 480GB (SSD) RAID1 disk array, and Lights-Out Management (LOM) for remote management. If you’re ready for 25, 40 or 100 GbE, so is the 23500 Next Generation Security Gateway - with its 40 and 100/25 GbE I/O card options.
Key Features & Benefits
Advanced Threat Prevention: 1st time prevention of known and zero-day threats
Uncompromising Performance: Achieve up to 11 Gbps of threat prevention throughput
Secure Encrypted Traffic: Consolidate SSL inspection into one integrated security platform
SPOTLIGHT
Prevent Known and Zero-day Threats
Zero-day protection offering network
security with evasion-resistant malware
detection and complete protection from
the most advanced attacks, ensuring
quick delivery of safe content to users.
All-inclusive Security Solutions
Check Point 23500 Next Generation
Security Gateway offers a complete and
consolidated security solution available
in two complete packages:
Threat Prevention
Threat Prevention + SandBlast
Inclusive High Performance Package
Purchase the affordable High
Performance Package (HPP). This
includes the base system plus two 4x
10GbE SFP+ interface cards,
transceivers and 64 GB of memory for
high connection capacity.
100, 40 and 25 GbE Connectivity
If you’re ready to move from 10 to 25,
40 or 100 GbE, so is the 23500 Next
Generation Security Gateway. The
23500 Security Gateway lets you
connect your 10 GbE server uplinks to
your core network.
DATA CENTER GRADE PLATFORM
23500 | 1 GbE | 10 GbE | 40 GbE | 100/25 GbE | Memory | Redundant Storage | Redundant Power | LOM
Base | 10 | 2 | 0 | 0 | 16 GB
HPP | 10 | 10 | 0 | 0 | 64 GB
Maximums | 42 | 20 | 6 | 6 | 128 GB
23500 SECURITY GATEWAY
Graphic LCD display
2 x 1TB (HDD) or 2x 480GB (SSD) RAID1
Five network card expansion slots
USB ports for ISO installation
Console port
Lights-Out Management port
Sync 10/100/1000Base-T RJ45
Management 10/100/1000Base-T RJ45
Performance
Enterprise Testing Conditions
11 Gbps of Threat Prevention (1)
13.75 Gbps of NGFW (2)
14.45 Gbps IPS
52 Gbps of firewall throughput
Ideal Testing Conditions
116 Gbps of UDP 1518 byte packet firewall throughput
26 Gbps of AES-128 VPN throughput
310,000 connections per second, 64 byte response (3)
6.4/25.6/51.2M concurrent connections, 64 byte response (3)
1: Includes Firewall, Application Control and IPS.
2: Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection.
3: Performance measured with default/HPP/maximum memory with R80.10.
Additional Features
Highlights
2x CPUs, 20x physical cores, 40x virtual cores (total)
2x 1TB HDD or 480GB SSD RAID1 storage
16, 64 and 128 GB memory options
Lights-Out Management card is included
Virtual Systems (base/HPP/max mem): 60/250/250
Network Expansion Slot Options (3 of 5 slots open)
1x 10/100/1000Base-T RJ45 port card, up to 42 ports
4x 1000Base-F SFP port card, up to 20 ports
4x 10GBase-F SFP+ port card, up to 20 ports
2x 40G QSFP+ port card, up to 6 ports
2x 100/25G QSFP28 port card, up to 6 ports
Fail-Open/Bypass Network Options
4x 10/100/1000Base-T RJ45 port card
2x 10GBase-F SFP+ port card
Content Security
First Time Prevention Capabilities
CPU-level, OS-level and static file analysis
File disarm and reconstruction via Threat Extraction
Average emulation time for unknown files that require full
sandbox evaluation is under 100 seconds
Maximal file size for Emulation is 100 MB
Emulation OS Support: Windows XP, 7, 8.1, 10
Applications
Use 8,000+ pre-defined or customize your own applications
Accept, prevent, schedule, and apply traffic-shaping
Data Loss Prevention
Classify 700+ pre-defined data types
End user and data owner incident handling
Dynamic User-based Policy
Integrates with Microsoft AD, LDAP, RADIUS, Cisco pxGrid,
Terminal Servers and with 3rd parties via a Web API
Enforce consistent policy for local and remote users on
Windows, macOS, Linux, Android and Apple iOS platforms
Network
Network Connectivity
Total physical and virtual (VLAN) interfaces per appliance:
1024/4096 (single gateway/with virtual systems)
802.3ad passive and active link aggregation
Layer 2 (transparent) and Layer 3 (routing) mode
High Availability
Active/Active L2, Active/Passive L2 and L3
Session failover for routing change, device and link failure
ClusterXL or VRRP
IPv6
NAT66, NAT64, NAT46
CoreXL, SecureXL, HA with VRRPv3
Unicast and Multicast Routing (see SK98226)
OSPFv2 and v3, BGP, RIP
Static routes, Multicast routes
Policy-based routing
PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3
Physical
Power Requirements
Single Power Supply rating: 800W
AC power input: 90 to 264V (47-63Hz)
DC input current: -40.5V/24A, -48V/19.2A, -60V/16.0A
Power consumption avg/max: AC 222/383W, DC 324.8/376W
Maximum thermal output: 1306.9 BTU/hr.
Dimensions
Enclosure: 2RU
Dimensions (WxDxH): 17.4x20.84x3.5 in. (442x529x88mm)
Weight: 34.8 lbs. (15.8 kg)
Environmental Conditions
Operating: 0° to 40°C, humidity 5% to 95%
Storage: –20° to 70°C, humidity 5% to 95% at 60°C
Certifications
Safety: UL, CB, CE, TUV GS
Emissions: FCC, CE, VCCI, RCM/C-Tick
Environmental: RoHS, WEEE, REACH (1), ISO14001 (1)
1. factory certificate
ORDERING 23500 SECURITY GATEWAYS
BASE CONFIGURATION (1) | SKU
23500 Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, 2x 10GbE SFP+ ports + 2 SR transceivers, 16GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), 2 Virtual Systems, Next Generation Threat Prevention (NGTP) Subscription Package for 1 Year
CPAP-SG23500-NGTP
23500 SandBlast Next Generation Security Gateway Base Configuration, includes 10x1GbE copper ports, 2 x 10GbE SFP+ ports + 2 SR transceivers, 16GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), 2 Virtual Systems, SandBlast (NGTX) Subscription Package for 1 Year
CPAP-SG23500-NGTX
HPP CONFIGURATION (1) | SKU
23500 Next Generation Security Gateway with High Performance Package, includes 10x1GbE copper ports, 10x10Gb SFP+ ports, 10 SR transceivers, 64 GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), 2 Virtual Systems, Next Generation Threat Prevention (NGTP) Subscription Package for 1 Year
CPAP-SG23500-NGTP-HPP
23500 Next Generation Security Gateway with High Performance Package, includes 10x1GbE copper ports, 10x10Gb SFP+ ports, 10 SR transceivers, 64 GB RAM, 2 HDD, 2 AC Power Units, Lights Out Management (LOM), 2 Virtual Systems, Next Generation Threat Extraction (SandBlast) Subscription Package for 1 Year
CPAP-SG23500-NGTX-HPP
INTERFACE CARDS AND TRANSCEIVERS SKU
8 Port 10/100/1000 Base-T RJ45 interface card CPAC-8-1C-B
4 Port 1000Base-F SFP interface card; requires additional 1000Base SFP transceivers CPAC-4-1F-B
SFP transceiver module for 1G fiber ports - long range (1000Base-LX) CPAC-TR-1LX-B
SFP transceiver module for 1G fiber ports - short range (1000Base-SX) CPAC-TR-1SX-B
SFP transceiver to 1000 Base-T RJ45 (Copper) CPAC-TR-1T-B
4 Port 10GBase-F SFP+ interface card CPAC-4-10F-B
SFP+ transceiver module for 10G fiber ports - long range (10GBase-LR) CPAC-TR-10LR-B
SFP+ transceiver module for 10G fiber ports - short range (10GBase-SR) CPAC-TR-10SR-B
2 Port 40G QSFP+ interface card CPAC-2-40F-B
QSFP+ transceiver module for 40G fiber ports - short range (40GBase-SR) CPAC-TR-40SR-QSFP-300m
QSFP+ transceiver module for 40G fiber ports - long range (40GBase-LR) CPAC-TR-40LR-QSFP-10K
Bi-directional QSFP+ transceiver for 40G fiber ports - short range (40GBase-SR-BiDi) CPAC-TR-40SR-QSFP-BiDi
2 Port 100/25G QSFP28 interface card CPAC-2-100/25F
SFP28 transceiver module for 25G fiber ports with QSFP28 adaptor - short range (25GBase-SR) CPAC-TR-25SR-ADP
SFP28 transceiver module for 25G fiber ports with QSFP28 adaptor - long range (25GBase-LR) CPAC-TR-25LR-ADP
QSFP28 transceiver module for 100G fiber ports - short range (100GBase-SR4) CPAC-TR-100SR
QSFP28 transceiver module for 100G fiber ports - long range (100GBase-LR4) CPAC-TR-100LR
4 Port 1GE copper Bypass (Fail-Open) network interface card (10/100/1000 Base-T) CPAC-4-1C-BP-B
2 Port 10GE short-range Fiber Bypass (Fail-Open) network interface card (10GBase-SR) CPAC-2-10-FSR-B-BP
MEMORY SKU
Memory upgrade kit from 16GB to 64GB for 23500 appliance CPAC-RAM48GB-23500
Memory upgrade kit from 16GB to 128GB for 23500 appliance CPAC-RAM112GB-23500
Memory upgrade kit from 64GB to 128GB for 23500 appliance CPAC-RAM64GB-23500
SPARES AND MISCELLANEOUS SKU
Additional/Replacement 1 TB hard drive for 15000 and 23000 appliances CPAC-HDD-1TB-B
Replacement AC power supply for 23000 appliances CPAC-PSU-AC-23000
Dual DC power supplies for 15000 and 23000 appliances CPAC-PSU-DC-Dual-15000/23000
Replacement fan cartridge for 15000 and 23000 appliances CPAC-FAN-B
Slide rails for 15000 and 23000 Appliances (22” - 32”) CPAC-RAIL-L
Extended slide rails for 15000 and 23000 Appliances (24” - 36”) CPAC-RAIL-EXT-L
1: 2 and 3 year and Virtual Systems packages also available in the online product catalog